Mobilize Your Corporate Content and Apps Enable Simple and Secure Mobile Collaboration for Business

www.maas360.com

MaaS360.com > White Paper

Copyright © 2014 Fiberlink, an IBM company. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Fiberlink Communications Corporation. All brands and their products are trademarks or registered trademarks of their respective holders and should be noted as such. Fiberlink 1787 Sentry Parkway West Blue Bell, PA 19422

June 2014 2

MaaS360.com > White Paper

Mobilize Your Corporate Content and Apps Table of Contents Access with security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Some considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Current technologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Email. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Device VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Desktop virtualization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Third-party file shares. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Third-party and custom apps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 The importance of policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 MaaS360 Secure Productivity Suite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 MaaS360 Mobile Enterprise Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3

MaaS360.com > White Paper

Mobile Strategy for a New Era In this document we will discuss how continuous monitoring can be applied to laptops, desktop computers and other endpoint devices.

Q: Do you have a comprehensive mobile strategy? A: Mobile strategy? You mean, can our employees get access to email on their mobile device? Sure, we have that.

If this is your answer, you’re not alone. Many companies still rely on email as the “killer app” that enables employees to communicate outside of the office. And this was a huge win even just a couple of years ago. But, let’s face it, checking email and responding outside of the office is not exactly “working” so much as removing a few obstacles, moving things along, and keeping up appearances. In today’s world, mobile collaboration has so much more potential to unlock true productivity and facilitate real work in real time, but most companies have only scratched the surface and have yet to embrace, plan, and deploy a comprehensive mobile strategy that harnesses the power of mobility with secure access to business resources. In this white paper, you will learn how to: • Enable secure mobile access to corporate data without an on-device VPN • Mobilize SharePoint, Windows File Share and all your intranet sites • Protect sensitive corporate data with robust security policies and DLP controls • Provide mobile access without requiring changes to your network or firewall security configuration



• Allow users to collaborate at anytime, anywhere, from their personal devices Read on to learn more about how you can give your employees access to resources behind the firewall while securing your data with authorization, encryption and containerization policies.

4

MaaS360.com > White Paper

Simple Access with Security Here’s a simple challenge: Build a perfectly safe house that can protect all of your priceless valuables. How do you approach it? You could build a house with no windows and no doors—no entry or exit points at all. This would probably be perfectly safe, but not very useful for actual living. Or, you could build it with windows and doors that have top-notch locks and security systems protecting them, and effectively have the same level of security, but still be able to enter, exit, welcome visitors, and get some fresh air without risking the loss of your precious belongings. Your mobile strategy might be just like a house with no windows or doors. Or, it might be like a house with windows and doors that don’t lock at all. You’re charged with security your corporate content, but you also have to make available to users so they can be productive. From customer contact lists to patient data, financial information to Human Resources files, from corporate apps to board minutes—the information your constituents want to access grows daily, and blocking access is no longer a feasible option. You need some windows and doors—and a security system that ensures only those who should be allowed through them can get in. What happens if a user brings a personal smartphone or tablet to work and downloads sales contacts to the device? What if they email their proprietary financial reports to their home email address so they can work in the evening after their children are asleep? What about a vendor? You want to share your content and apps so you can collaborate more efficiently, but what happens when the project is over? These scenarios happen every day. People find ways to get the information they need, putting corporate information at risk every day, unless you facilitate a more secure, reliable and simple way for them to get what they need.

Content Considerations Enterprise content is stored on corporate networks in places like Windows file shares, SharePoint, intranet sites and web apps. The information people need to collaborate with colleagues, partners, and customers to do their jobs is trapped in internal drives and data stores, knowledge bases, internal wikis, ERP, SCM, HRM, CRM, and other management systems or processes. So the question becomes, how do you leverage that for the modern mobile worker who needs anytime, anywhere access – many times from devices that you do not own? As you provtect your data and the internal networks, file shares, and other systems that house it, you may want to think about these considerations as part of your mobile strategy. Some may seem obvious, but they are worth noting.

5

MaaS360.com > White Paper

1. Content must be accessible by users on-demand through a push or pull approach

One of the most important goals of any federal cybersecurity legislation must be to enable the defenders to act as quickly to protect their systems as the attackers can act.

2. Each user must have access only to the content needed based on context and identity 3. Data must be updateable and synchronized across devices over time 4. The process of accessing the data must not be onerous for the user 5. Maintaining security must not be costly, although it is a big investment 6. Maintaining security must not be time consuming for IT 7. Any data in motion must be encrypted and secured 8. Data must not be permitted to leave the organization without authorization 9. Data created and stored in apps must be safeguarded 10. Because personal devices are not owned by the organization, there is a limit to what you can control



Current Technologies Let’s take a look at the technologies being used today, and some of the issues inherent with enabling security and productivity.

Email Email is the killer app for collaboration, but it’s just one tool among many. It isn’t designed for collaboration. Email supports one-to-one or one-to-many communication instead of the many-to-many interactions your users need to be truly productive. This encourages silos to develop between groups that should be working together. Emailed information can easily get stale—people get a spreadsheet and continue to work with it, not realizing it has been superseded by something more current. The biggest problem is that data can be cut, pasted and forwarded to places you don’t want it to go.

VPN Logging on with a VPN is a common choice to provide access behind a firewall. Unfortunately, forcing users to log in for access degrades the user experience. Given a choice between fresh content that’s harder to access and easy-to-reach stale content that comes from old email attachments, people may choose the simpler route. VPNs require per-device licenses so your costs can mount up over time. In addition, there’s evidence

6

MaaS360.com > White Paper

that using a device VPN can drain the device’s battery more quickly. Because mobile devices use wireless technology to connect, you will want to require encryption. However, there’s the question of access while roaming. Any solution that relies on higher-level encryption has the potential to break when users roam between access points. Fortunately, there are some solutions that address that.

Desktop Virtualization Some applications allow you to display a desktop on mobile devices. All the items accessible from the desktop would be available on your smartphone or tablet, too. However, it’s expensive and the user experience is poor. With this approach, availability and performance is heavily dependent on network connectivity. Also, screen size and resolution issues pose another challenge, especially on smartphones which have small displays and workspaces. Applications optimized for a desktop environment may be accessible on a mobile device via desktop virtualization, but that doesn’t mean they’re necessarily usable. Another consideration IT has to take into account is that server and network resources must be able to support numerous devices connecting into their network at the same time.

Third-Party File Shares Third-party file shares allow you to keep collateral in the cloud. The big problem here is that you have no control. Content can be sent to anyone, can be accessed by anyone, and you can have version control issues. There’s a user experience issue here, too. Users don’t like to be forced to learn new software just to get access to the content they need, and you have to factor in the time it will take them to learn it. They can also be costly: as you add users you will need to add licenses, plus you may not be able to leverage your existing investments like apps and content stores.

Third-Party and Custom Apps If you go to a third-party developer for your apps, you are dependent on your vendor. Data leak prevention (DLP) may not be built into the app. You can try to develop your own apps, but then you’ll need staff to support it and any changes that are required for new devices types, operating system updates, etc.

7

MaaS360.com > White Paper

The Importance of Policies it is very clear that security experts, top federal government cybersecurity officials, and Congressional leaders are pushing for an increased emphasis on continuous monitoring, automated monitoring tools, and rapid reaction to attacks on government information technology systems.

If you intend to allow users to access corporate resources on their personal devices, you will need to create policies to regulate how your data is accessed and used. You can require a user to enter a password before accessing important data.

You can also restrict cutting and pasting text from a document.

8

MaaS360.com > White Paper

MaaS360 Secure Productivity Suite MaaS360 Secure Productivity Suite lets you overcome challenges posed by the current technologies with multiple ways of allowing secure access and protecting your data at rest: 1. MaaS360 Secure Mail 2. MaaS360 Application Security 3. MaaS360 Secure Document Sharing 4. MaaS360 Secure Browser MaaS360 uses a Trusted WorkPlace container for a dual persona approach—data, apps and content that are company-specific stay in a protected area on the device. You determine the controls placed on that protected area so mail, contacts, calendars, apps (and app data), documents and web page access can be safeguarded. MaaS360 Secure Productivity Suite uses persona policies to specify security on all a user’s devices. These policies are created in the MaaS360 portal and deployed to enrolled devices over the air, so IT never has to physically touch the devices. When the device falls out of compliance, or the project is over and the vendor leaves, you just remove the container remotely and the data and apps are gone. The container itself has security. It includes FIPS 140-2 compliant, AES-256 encryption. You can require users to enter a passcode when accessing it. You can also use these policy settings to remove the container completely if devices are jailbroken or rooted, or if the devices haven’t checked in within a specified period of time. You can also prevent files from being moved, copied or printed from the container, and you can prevent files from being imported into it.

MaaS360 Mobile Enterprise Gateway MaaS360 Mobile Enterprise Gateway is a key component to make all of this possible. It protects data in motion by providing seamless and secure access to your corporate content and intranet from mobile devices: • Deliver secure mobile access to data without an on-device VPN you don’t need to sign on to the

9

MaaS360.com > White Paper

VPN every time you want information • Mobilize SharePoint, Windows File Shares, intranet sites and web apps • Protect data with robust security policies and DLP controls • No changes to your network or firewall security settings are required

You can configure policy options to manage how MaaS360 Secure Productivity Suite interacts with your users’ devices. For example, you can specify URLs to corporate wikis, bug tracking systems, etc. or corporate folders in the Mobile Access Gateway, and they will appear as bookmarks in MaaS360 Secure Browser. You can also specify if authentication is required to access these locations. MaaS360 Mobile Enterprise Gateway determines what corporate resources users will see when they access the secure container on their devices.

Try before you buy MaaS360 is easy and fast to try—plus the time you invest in configuring MaaS360 for your needs is never wasted. Once you decide that MaaS360 is the right solution for your organization, your trial environment becomes your live environment! For a free trial of MaaS360, please click here. You can start immediately—there’s no complicated set up process or infrastructure to change. MaaS360 today!

All brands and their products, featured or referred to within this document, are trademarks or registered trademarks of their respective holders and should be noted as such.

For More Information

To learn more about our technology and services visit www.maaS360.com. 1787 Sentry Parkway West, Building 18, Suite 200 | Blue Bell, PA 19422 Phone 215.664.1600 | Fax 215.664.1601 | [email protected] WP_201107_0005

10